What is it about?
A vulnerability (CVE-2019-19781) has been identified in Citrix Application Delivery Controller (formerly known as NetScaler ADC) and Citrix Gateway(formerly known as NetScaler Gateway) according to Citrix Security releases.
What is the impact of this attack?
If this vulnerability exploited , could allow the attacker to get access to internal network without authentication and perform arbitrary code execution .
However, there is no patch for the vulnerability at this time, so in order to find out when the updated firmware is available for the affected Citrix products, it is recommended to subscribe at:
Affected product versions
According to Citrix the CVE-2019-19781 vulnerability impacts the following product versions:
- Citrix ADC and Citrix Gateway version 13.0 all supported builds
- Citrix ADC and NetScaler Gateway version 12.1 all supported builds
- Citrix ADC and NetScaler Gateway version 12.0 all supported builds
- Citrix ADC and NetScaler Gateway version 11.1 all supported builds
- Citrix NetScaler ADC and NetScaler Gateway version 10.5 all supported builds
What organisations should do as part of mitigation and prevention actions
It is strongly recommended that affected customers should immediately take action and apply the provided mitigation steps (see link below).
You can find more information regarding the vulnerability in Citrix knowledge base article:
- CVE-2019-19781:Â https://support.citrix.com/article/CTX267027